Scribe Security’s evidence-based security hub validates software integrity
Scribe Security has launched an evidence-based security trust hub intended to deliver end-to-end software supply chain security.
Over the past few years, software supply chains, both open source components and proprietary CI/CD pipelines, have become more exposed to attack than ever. In 2022, Gartner listed digital supply chains as a major trend to watch and a growing attack surface. This puts the integrity of an organization's code, its customers and its brand reputation at risk. A single faulty software component, or a security hole in the CI/CD pipeline that gives an attacker access to the development environment, can be enough.
Security professionals, software engineers and DevOps teams are challenged to establish transparent, evidence-based trust in the software they use or provide. Scribe Security took the lead as the first vendor to introduce the concept of a single consolidated hub for software product security evidence, launching it as an easy-to-use platform.
Unlike other software supply chain security solutions, Scribe's Evidence-Based Security Hub supports a workflow for sharing software bills of materials (SBOMs), along with other software security evidence, between or within companies, making software product security transparent to customers, buyers and security teams.
“SBOM is a best practice that should become widely required and used to mitigate software supply chain risk. With that in mind, we decided to pioneer and launch an easy-to-use platform that serves as the hub for a plethora of security proofs for software products,” said Rubi Arbel, co-founder and CEO of Scribe Security. “Scribe’s platform offers a complete self-service experience. It is easy to implement and use, as it is plugin- and CLI-based. And finally, you can start with a freemium, without any conditions.”
Scribe continuously attests to the integrity of the software, so that stakeholders can:
- Ensure a secure development process
- Build and enforce SDLC processes
- Validate that the code has not been tampered with
- Assess compliance with software supply chain standards and frameworks such as the NIST SSDF and SLSA
“Validating software integrity is a challenge,” said Danny Nebenzahl, co-founder and CTO of Scribe Security. “Today, we are introducing a new technology to the market that offers a holistic solution for continuous, evidence-based assurance of software components and artifacts as well as CI/CD processes. We ensure that the entire software supply chain is not compromised. With the Scribe platform, teams can generate, manage, and share SBOMs, validate integrity, and track vulnerabilities of their containers, dependencies, and pipelines.”
Scribe Platform Key Features:
- Automatically generate and manage SBOMs and security information
- Validate code integrity and provenance
- Track vulnerabilities in containers, dependencies and pipelines
- Detect code tampering
- Continuously demonstrate compliance with supply chain regulations and best practices
- Share all of this selectively and in a controlled way with internal stakeholders and with other organizations